F: Implementation of Harbor-based Docker Registry Appliance for OpenNebula Marketplace

Harbor Docker Registry Appliance for OpenNebula Marketplace

Feature Description

Implementation of a Harbor-based Docker registry appliance for publication in the OpenNebula Marketplace. This appliance will provide a robust and secure Docker registry environment using Harbor.

Main Characteristics:

Base OS: Ubuntu 22.04.
Registry Platform: Harbor an open-source and self-hosted registry for container images.

Use Case

As part of the 6GSandbox project, this Docker registry appliance will enhance the OneKE offer by allowing organizations to easily deploy and manage their own Docker registries.

Data Model

Inputs:

Hostname
Admin password
SSL certificate path
Private key path

Actions:

Bootstrap: Initial VM setup, including OS installation and network configuration.
Installation: Deployment and configuration of Docker and Harbor, including setting up Harbor's configuration files (harbor.yml) with the correct certificate paths and system settings.
Cleanup: Removal of unnecessary files to minimize disk footprint.

Documentation

This section will cover the deployment and management of the Harbor-based Docker registry appliance, including:

Installation guide
User manual for the Harbor interface
Troubleshooting tips

Tests

Test Descriptions:

Functionality Tests: Ensure the appliance boots correctly and Harbor operates as expected.
Integration Tests: Validate appliance integration with the existing OpenNebula infrastructure.

Testing Environment:

Tests will be performed in a micro-environment mimicking a typical SME setup.
New microenv needed? Jenkins?

Other Considerations

Security Implications:

SSL/TLS setup validation for secure communications.

New Files:

Installation scripts
Default configuration files for Harbor

References

Work Plan

Phase 1: Selection and setup of the base OS, Docker and Harbor Installation and VM conversion to QCOW2 image (1 day).
Phase 2: Testing and documentation preparation (2 days).
Phase 3: Submission to the OpenNebula Marketplace and Feedback (2 days).
Phase 4: Final Adjustments and Release (2 days).

Step-by-Step Installation Guide

1. Update and Install Necessary Packages

sudo apt update && sudo apt install openssl ca-certificates curl gnupg -y

2. Set Up Docker Repository

sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo $VERSION_CODENAME) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

3. Generate SSL Certificates

mkdir certs
openssl req -x509 -nodes -days 730 -newkey rsa:4096 -sha256 -keyout certs/harbor.testlab.local.key -addext "subjectAltName = DNS:harbor.testlab.local" -out certs/harbor.testlab.local.crt
sudo mv certs/harbor.testlab.local.crt /etc/ssl/certs/
sudo mv certs/harbor.testlab.local.key /etc/ssl/private/

4. Download and Install Harbor

curl -s https://api.github.com/repos/goharbor/harbor/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep '\.tgz$' | grep online | wget -i -
tar -xvzf harbor-online-installer-v.tgz
cp harbor.yml.tmpl harbor.yml
nano harbor.yml  # Modify the paths of certificate and private_key
sudo ./install.sh

Note: In the harbor.yml file, set the certificate and private_key fields to /etc/ssl/certs/harbor.testlab.local.crt and /etc/ssl/private/harbor.testlab.local.key, respectively.

5. Clean Up

sudo apt-get clean
sudo rm -rf /var/lib/apt/lists/*

6. Convert VM Disk to QCOW2 Image

sudo qemu-img convert -f raw -O qcow2 /dev/xvda1 converted.qcow2
gzip converted.qcow2

OpenNebula / one-apps